1. Field of the Invention
The invention relates to a data carrier device for outputting data stored in the data carrier device to at least one data reading device, which data carrier device includes data storage means for storing data and fail count storage means for storing a fail count, password information storage means for storing at least one password information item, and test means for testing whether password information output to the data carrier device by a data reading device matches password information stored in the password information storage means, and for changing a fail count, stored in the fail count storage means, in dependence on the test result, the data carrier device being capable of outputting data stored in the data storage means to at least one data reading device if, in case the tested password information matches, the fail count stored in the fail count storage means equals an access value.
2. Description of the Prior Art
A data carrier device of the kind set forth in the first paragraph is known from the document U.S. Pat. No. 5,594,227 A and is formed by a smart card. The smart card can be inserted into a smart card terminal which constitutes a data reading device and is arranged to read data stored in data storage means of the smart card and to display data read on a display screen of the smart card terminal.
The smart card includes test means for comparing password information, applied to the smart card terminal by a user, with password information stored in password information storage means of the smart card, and to output, in the case of matching of the tested password information, data stored in the data storage means of the smart card to the smart card terminal. The test means are arranged to change, in dependence on the test result, values contained in a fail count and a delay count.
A value of the fail count stored in fail count storage means then indicates how often a user has entered incorrect password information which does not match the password information stored in the smart card, the value "1" being subtracted from the stored value of the fail count upon each entry of correct password information matching the password information stored in the smart card.
A value of the delay count stored in delay count storage means indicates how long, after having entered incorrect password information, a user must wait before the user can enter password information again in the smart card terminal. When the value "1" is stored as the delay count, the user can enter password information again after expiration of a delay time amounting to two seconds subsequent to the detection of a mismatch of the tested password information by the test means. When the value "2" is stored as the delay count, further password information can be entered only after a delay time of four seconds whereas in the case of a value "3" password information can be entered again only after a delay time of eight seconds; in the case of a delay count equaling "16", further password information can be entered only after a delay time amounting to 18.2 hours.
When a user inserts the smart card into a smart card terminal and subsequently inputs password information into the smart card terminal, the value "0" is stored for the fail count as well as for the delay count. If the password information entered by the user does not match the password information stored in the smart card, the text "ACCESS DENIED" is displayed on the display screen of the smart card terminal and the value "1" is stored as the fail count and as the delay count.
In the case of further mismatching of the password information stored in the smart card and further password information, entered no sooner than after a delay time of two seconds, the text "ACCESS DENIED" is again displayed on the display screen of the smart card terminal and the value "2" is stored as the fail count and as the delay count.
In case the password information stored in the smart card subsequently matches further password information, entered no sooner than after a delay time amounting to four seconds, the text "ACCESS DENIED" is displayed once more on the display screen of the smart card and the value "1" is stored as the fail count and the value "3" as the delay number.
The smart card outputs the data stored in the data storage means of the smart card to the smart card terminal for display only if the test means establish the matching of the tested password information and if a value stored as the fail count equals an access value "0". In this case the text "ACCESS GRANTED" is displayed on the display screen of the smart card terminal and subsequently data selected by the user and stored in the data storage means of the smart card is displayed on the display screen of the smart card terminal.
However, it has been found that after attempted tampering with the known smart card, during which a user who is not authorized to use the smart card has attempted to achieve display of data stored in the data storage means of the smart card by entering a plurality of possible password information items, the delay times already become so long that the smart card is practically no longer suitable for use. A user who is authorized to use a smart card and knows the correct password information stored in the smart card must then enter the correct password information 16 times, until the access value "0" is stored as the fail count, after a tampering attempt during which, for example incorrect password information has been entered 16 times. After each entry of the correct password information, however, a delay time of 8.2 hours must be observed before the correct password information can be entered again, so that the data stored in the data storage means of the smart card can be displayed to the authorized user on the display screen of the smart card terminal no sooner than after 5.5 days.